ScreenShot
| Created | 2023.11.04 10:33 | Machine | s1_win7_x6403 |
| Filename | TrueCrypt_BcCqcw.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 16 detected (AIDetectMalware, malicious, high confidence, Attribute, HighConfidence, Detected, Sabsik, RedLine, WinGo, FileRepMalware, confidence) | ||
| md5 | bf85e5d13200077c89650c3c2fb48a84 | ||
| sha256 | 6ac39889666cc354bfebf0a08e1c458ce3323464550929b32ec2071c493bbaa2 | ||
| ssdeep | 98304:zssv7Ac/2O/MwBrFUGzudVZsEqOcOrOdzcKCVgXFHTYlrnhONkgP44iB:ww1M3dVfqOcOrOdzc9VQzghOeC | ||
| imphash | 85cddd6092e65c1a58dd1e6e9ab9fc63 | ||
| impfuzzy | 48:qJrKxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJexMCyamXRHF42xQHPXiX1Pgb7TJGQA | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140ea045c AddAtomA
0x140ea0464 AddVectoredExceptionHandler
0x140ea046c CloseHandle
0x140ea0474 CreateEventA
0x140ea047c CreateFileA
0x140ea0484 CreateIoCompletionPort
0x140ea048c CreateMutexA
0x140ea0494 CreateSemaphoreA
0x140ea049c CreateThread
0x140ea04a4 CreateWaitableTimerExW
0x140ea04ac DeleteAtom
0x140ea04b4 DeleteCriticalSection
0x140ea04bc DuplicateHandle
0x140ea04c4 EnterCriticalSection
0x140ea04cc ExitProcess
0x140ea04d4 FindAtomA
0x140ea04dc FormatMessageA
0x140ea04e4 FreeEnvironmentStringsW
0x140ea04ec GetAtomNameA
0x140ea04f4 GetConsoleMode
0x140ea04fc GetCurrentProcess
0x140ea0504 GetCurrentProcessId
0x140ea050c GetCurrentThread
0x140ea0514 GetCurrentThreadId
0x140ea051c GetEnvironmentStringsW
0x140ea0524 GetHandleInformation
0x140ea052c GetLastError
0x140ea0534 GetProcAddress
0x140ea053c GetProcessAffinityMask
0x140ea0544 GetQueuedCompletionStatusEx
0x140ea054c GetStartupInfoA
0x140ea0554 GetStdHandle
0x140ea055c GetSystemDirectoryA
0x140ea0564 GetSystemInfo
0x140ea056c GetSystemTimeAsFileTime
0x140ea0574 GetThreadContext
0x140ea057c GetThreadPriority
0x140ea0584 GetTickCount
0x140ea058c InitializeCriticalSection
0x140ea0594 IsDBCSLeadByteEx
0x140ea059c IsDebuggerPresent
0x140ea05a4 LeaveCriticalSection
0x140ea05ac LoadLibraryA
0x140ea05b4 LoadLibraryW
0x140ea05bc LocalFree
0x140ea05c4 MultiByteToWideChar
0x140ea05cc OpenProcess
0x140ea05d4 OutputDebugStringA
0x140ea05dc PostQueuedCompletionStatus
0x140ea05e4 QueryPerformanceCounter
0x140ea05ec QueryPerformanceFrequency
0x140ea05f4 RaiseException
0x140ea05fc ReleaseMutex
0x140ea0604 ReleaseSemaphore
0x140ea060c RemoveVectoredExceptionHandler
0x140ea0614 ResetEvent
0x140ea061c ResumeThread
0x140ea0624 SetConsoleCtrlHandler
0x140ea062c SetErrorMode
0x140ea0634 SetEvent
0x140ea063c SetLastError
0x140ea0644 SetProcessAffinityMask
0x140ea064c SetProcessPriorityBoost
0x140ea0654 SetThreadContext
0x140ea065c SetThreadPriority
0x140ea0664 SetUnhandledExceptionFilter
0x140ea066c SetWaitableTimer
0x140ea0674 Sleep
0x140ea067c SuspendThread
0x140ea0684 SwitchToThread
0x140ea068c TlsAlloc
0x140ea0694 TlsGetValue
0x140ea069c TlsSetValue
0x140ea06a4 TryEnterCriticalSection
0x140ea06ac VirtualAlloc
0x140ea06b4 VirtualFree
0x140ea06bc VirtualProtect
0x140ea06c4 VirtualQuery
0x140ea06cc WaitForMultipleObjects
0x140ea06d4 WaitForSingleObject
0x140ea06dc WideCharToMultiByte
0x140ea06e4 WriteConsoleW
0x140ea06ec WriteFile
0x140ea06f4 __C_specific_handler
msvcrt.dll
0x140ea0704 ___lc_codepage_func
0x140ea070c ___mb_cur_max_func
0x140ea0714 __getmainargs
0x140ea071c __initenv
0x140ea0724 __iob_func
0x140ea072c __lconv_init
0x140ea0734 __set_app_type
0x140ea073c __setusermatherr
0x140ea0744 _acmdln
0x140ea074c _amsg_exit
0x140ea0754 _beginthread
0x140ea075c _beginthreadex
0x140ea0764 _cexit
0x140ea076c _commode
0x140ea0774 _endthreadex
0x140ea077c _errno
0x140ea0784 _fmode
0x140ea078c _initterm
0x140ea0794 _lock
0x140ea079c _memccpy
0x140ea07a4 _onexit
0x140ea07ac _setjmp
0x140ea07b4 _strdup
0x140ea07bc _ultoa
0x140ea07c4 _unlock
0x140ea07cc abort
0x140ea07d4 calloc
0x140ea07dc exit
0x140ea07e4 fprintf
0x140ea07ec fputc
0x140ea07f4 free
0x140ea07fc fwrite
0x140ea0804 localeconv
0x140ea080c longjmp
0x140ea0814 malloc
0x140ea081c memcpy
0x140ea0824 memmove
0x140ea082c memset
0x140ea0834 printf
0x140ea083c realloc
0x140ea0844 signal
0x140ea084c strerror
0x140ea0854 strlen
0x140ea085c strncmp
0x140ea0864 vfprintf
0x140ea086c wcslen
EAT(Export Address Table) Library
0x140e9dae0 _cgo_dummy_export
KERNEL32.dll
0x140ea045c AddAtomA
0x140ea0464 AddVectoredExceptionHandler
0x140ea046c CloseHandle
0x140ea0474 CreateEventA
0x140ea047c CreateFileA
0x140ea0484 CreateIoCompletionPort
0x140ea048c CreateMutexA
0x140ea0494 CreateSemaphoreA
0x140ea049c CreateThread
0x140ea04a4 CreateWaitableTimerExW
0x140ea04ac DeleteAtom
0x140ea04b4 DeleteCriticalSection
0x140ea04bc DuplicateHandle
0x140ea04c4 EnterCriticalSection
0x140ea04cc ExitProcess
0x140ea04d4 FindAtomA
0x140ea04dc FormatMessageA
0x140ea04e4 FreeEnvironmentStringsW
0x140ea04ec GetAtomNameA
0x140ea04f4 GetConsoleMode
0x140ea04fc GetCurrentProcess
0x140ea0504 GetCurrentProcessId
0x140ea050c GetCurrentThread
0x140ea0514 GetCurrentThreadId
0x140ea051c GetEnvironmentStringsW
0x140ea0524 GetHandleInformation
0x140ea052c GetLastError
0x140ea0534 GetProcAddress
0x140ea053c GetProcessAffinityMask
0x140ea0544 GetQueuedCompletionStatusEx
0x140ea054c GetStartupInfoA
0x140ea0554 GetStdHandle
0x140ea055c GetSystemDirectoryA
0x140ea0564 GetSystemInfo
0x140ea056c GetSystemTimeAsFileTime
0x140ea0574 GetThreadContext
0x140ea057c GetThreadPriority
0x140ea0584 GetTickCount
0x140ea058c InitializeCriticalSection
0x140ea0594 IsDBCSLeadByteEx
0x140ea059c IsDebuggerPresent
0x140ea05a4 LeaveCriticalSection
0x140ea05ac LoadLibraryA
0x140ea05b4 LoadLibraryW
0x140ea05bc LocalFree
0x140ea05c4 MultiByteToWideChar
0x140ea05cc OpenProcess
0x140ea05d4 OutputDebugStringA
0x140ea05dc PostQueuedCompletionStatus
0x140ea05e4 QueryPerformanceCounter
0x140ea05ec QueryPerformanceFrequency
0x140ea05f4 RaiseException
0x140ea05fc ReleaseMutex
0x140ea0604 ReleaseSemaphore
0x140ea060c RemoveVectoredExceptionHandler
0x140ea0614 ResetEvent
0x140ea061c ResumeThread
0x140ea0624 SetConsoleCtrlHandler
0x140ea062c SetErrorMode
0x140ea0634 SetEvent
0x140ea063c SetLastError
0x140ea0644 SetProcessAffinityMask
0x140ea064c SetProcessPriorityBoost
0x140ea0654 SetThreadContext
0x140ea065c SetThreadPriority
0x140ea0664 SetUnhandledExceptionFilter
0x140ea066c SetWaitableTimer
0x140ea0674 Sleep
0x140ea067c SuspendThread
0x140ea0684 SwitchToThread
0x140ea068c TlsAlloc
0x140ea0694 TlsGetValue
0x140ea069c TlsSetValue
0x140ea06a4 TryEnterCriticalSection
0x140ea06ac VirtualAlloc
0x140ea06b4 VirtualFree
0x140ea06bc VirtualProtect
0x140ea06c4 VirtualQuery
0x140ea06cc WaitForMultipleObjects
0x140ea06d4 WaitForSingleObject
0x140ea06dc WideCharToMultiByte
0x140ea06e4 WriteConsoleW
0x140ea06ec WriteFile
0x140ea06f4 __C_specific_handler
msvcrt.dll
0x140ea0704 ___lc_codepage_func
0x140ea070c ___mb_cur_max_func
0x140ea0714 __getmainargs
0x140ea071c __initenv
0x140ea0724 __iob_func
0x140ea072c __lconv_init
0x140ea0734 __set_app_type
0x140ea073c __setusermatherr
0x140ea0744 _acmdln
0x140ea074c _amsg_exit
0x140ea0754 _beginthread
0x140ea075c _beginthreadex
0x140ea0764 _cexit
0x140ea076c _commode
0x140ea0774 _endthreadex
0x140ea077c _errno
0x140ea0784 _fmode
0x140ea078c _initterm
0x140ea0794 _lock
0x140ea079c _memccpy
0x140ea07a4 _onexit
0x140ea07ac _setjmp
0x140ea07b4 _strdup
0x140ea07bc _ultoa
0x140ea07c4 _unlock
0x140ea07cc abort
0x140ea07d4 calloc
0x140ea07dc exit
0x140ea07e4 fprintf
0x140ea07ec fputc
0x140ea07f4 free
0x140ea07fc fwrite
0x140ea0804 localeconv
0x140ea080c longjmp
0x140ea0814 malloc
0x140ea081c memcpy
0x140ea0824 memmove
0x140ea082c memset
0x140ea0834 printf
0x140ea083c realloc
0x140ea0844 signal
0x140ea084c strerror
0x140ea0854 strlen
0x140ea085c strncmp
0x140ea0864 vfprintf
0x140ea086c wcslen
EAT(Export Address Table) Library
0x140e9dae0 _cgo_dummy_export